diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-12 20:13:07 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-17 15:38:41 +0100 |
| commit | 7d010b8f5b769328ae21ad71a3d583d9859fde2c (patch) | |
| tree | da587fdf3088e310ae070dd3d4015ea0045e102b /include | |
| parent | 210717c2641874edaee705a9c08820b7082d16ea (diff) | |
src: add NFTNL_SET_ELEM_EXPRESSIONS
NFTNL_SET_ELEM_EXPR defines the stateful expression type that this
element stores. This is useful to restore runtime set element stateful
expressions (when saving, then reboot and restore).
This patch adds support for the set element expression list, which
generalizes NFTNL_SET_ELEM_EXPR.
This patch also adds nftnl_set_elem_add_expr() to add new expressions to
set elements and nftnl_set_elem_expr_foreach() to iterate over the list
of expressions.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/libnftnl/set.h | 7 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 3 | ||||
| -rw-r--r-- | include/set_elem.h | 2 |
3 files changed, 11 insertions, 1 deletions
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index 961ce5d..1804850 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -107,6 +107,7 @@ enum { NFTNL_SET_ELEM_EXPR, NFTNL_SET_ELEM_OBJREF, NFTNL_SET_ELEM_KEY_END, + NFTNL_SET_ELEM_EXPRESSIONS, __NFTNL_SET_ELEM_MAX }; #define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1) @@ -144,6 +145,12 @@ int nftnl_set_elem_parse_file(struct nftnl_set_elem *e, enum nftnl_parse_type ty int nftnl_set_elem_snprintf(char *buf, size_t size, const struct nftnl_set_elem *s, uint32_t type, uint32_t flags); int nftnl_set_elem_fprintf(FILE *fp, const struct nftnl_set_elem *se, uint32_t type, uint32_t flags); +struct nftnl_expr; +void nftnl_set_elem_add_expr(struct nftnl_set_elem *e, struct nftnl_expr *expr); +int nftnl_set_elem_expr_foreach(struct nftnl_set_elem *e, + int (*cb)(struct nftnl_expr *e, void *data), + void *data); + int nftnl_set_elem_foreach(struct nftnl_set *s, int (*cb)(struct nftnl_set_elem *e, void *data), void *data); struct nftnl_set_elems_iter; diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index e4cdf78..5cf3faf 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -367,6 +367,7 @@ enum nft_set_attributes { NFTA_SET_OBJ_TYPE, NFTA_SET_HANDLE, NFTA_SET_EXPR, + NFTA_SET_EXPRESSIONS, __NFTA_SET_MAX }; #define NFTA_SET_MAX (__NFTA_SET_MAX - 1) @@ -405,6 +406,7 @@ enum nft_set_elem_attributes { NFTA_SET_ELEM_PAD, NFTA_SET_ELEM_OBJREF, NFTA_SET_ELEM_KEY_END, + NFTA_SET_ELEM_EXPRESSIONS, __NFTA_SET_ELEM_MAX }; #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) @@ -712,6 +714,7 @@ enum nft_dynset_attributes { NFTA_DYNSET_EXPR, NFTA_DYNSET_PAD, NFTA_DYNSET_FLAGS, + NFTA_DYNSET_EXPRESSIONS, __NFTA_DYNSET_MAX, }; #define NFTA_DYNSET_MAX (__NFTA_DYNSET_MAX - 1) diff --git a/include/set_elem.h b/include/set_elem.h index 52f185a..9239557 100644 --- a/include/set_elem.h +++ b/include/set_elem.h @@ -10,7 +10,7 @@ struct nftnl_set_elem { union nftnl_data_reg key; union nftnl_data_reg key_end; union nftnl_data_reg data; - struct nftnl_expr *expr; + struct list_head expr_list; uint64_t timeout; uint64_t expiration; const char *objref; |